Buffer overflow in Microsoft Office
CVE-2017-0254
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automa…
Vulnerability class: Buffer Overflow
EPSS: 0.326 (97.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Office — versions 2010, 2011, 2016
- Microsoft Office_compatibility_pack
- Microsoft Office_web_apps — versions 2010, 2013
- Microsoft Sharepoint_server — versions 2013, 2016
- Microsoft Word — versions 2007, 2010, 2013
- Microsoft Word_rt — versions 2013
- Microsoft Word_viewer
- Microsoft Corporation Office — versions Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016.
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secure@microsoft.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- secure@microsoft.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- secure@microsoft.com (vdb-entry, x_refsource_SECTRACK)
Frequently asked questions
- What is CVE-2017-0254?
- CVE-2017-0254 is a high-severity vulnerability in Microsoft Office, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. CVSS score: 7.8/10. Published 2017-05-12.
- How severe is CVE-2017-0254?
- High severity. CVSS v3 base score is 7.8 out of 10.
- Is CVE-2017-0254 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.